Information security on managed offices
Answer:
If I understood correctly, this managed office is the main premises of your customer, so it cannot be excluded from the scope.
If your client does not have much control over the managed office to demand implementation of physical controls related to section A.11, then he should focus on protecting the assets on the workstations he uses, and for this he must consider defining a clear desk and clear screen policy to ensure unattended information or equipment is removed from desk and screen when not in use or when the user is absent.
Specifically for notebooks, you can recommend the use of screen filters that reduce the angle of view from which other personnel can see what is on the screen (with these filters, people have to be exactly in front of the screen to see something).
If you want to see what this policy looks like, I suggest you take a look at the free demo of our Clear desk and clear screen policy at this link: https://advisera.com/27001academy/documentation/clear-desk-and-clear-screen-policy/
This article will provide you further explanation about clear desk and clear screen policy:
- Clear desk and clear screen policy – What does ISO 27001 require? https://advisera.com/27001academy/blog/2016/03/14/clear-desk-and-clear-screen-policy-what-does-iso-27001-require/
Jul 10, 2019